'How to capture all request logs from OPA server

I'm using Open Policy Agent (https://www.openpolicyagent.org/docs/latest/). I'm using it in kubernetes. I have various user traffic going on. I have such container logs:

{"client_addr":"[::1]:52362","level":"info","msg":"Received request.","req_body":"","req_id":21,"req_method":"GET","req_params":{},"req_path":"/v1/policies","time":"2022-04-26T15:39:57Z"}

{"client_addr":"[::1]:52362","level":"info","msg":"Sent response.","req_id":21,"req_method":"GET","req_path":"/v1/policies","resp_body":"","resp_bytes":28883,"resp_duration":4.901654,"resp_status":200,"time":"2022-04-26T15:39:57Z"}

I would like to use these logs for monitoring, because they show response status request details, duration and so on. Does anyone has any idea how to get these logs on regular basis? I would like to persist them in my database.

I tried the /metrics endpoint: https://www.openpolicyagent.org/docs/latest/monitoring/ but it has little details, not rich enough for my need.

I also tried decision logs: https://www.openpolicyagent.org/docs/latest/management-decision-logs/ they are good, but they don't cover all the requests made to OPA.

In my use case, I would like to populate requests database of Azure App Insights

Is there a way to capture all the requests?

loggingmonitoringazure-application-insightsopen-policy-agent


Solution 1:[1]

Decision logging for decisions together with the status API for health checks is generally what people log in production systems. This should cover pretty much any need you might have since OPA will produce decisions as long as its healthy, and if it isn't healthy the status API will be used to report that.

Was there anything in particular you found missing / not logged by the decision logger?

Solution 2:[2]

A way that worked for me:

  1. Create a custom docker container. Put OPA there and configure python environment.
  2. Run OPA and stream all logs to python program.
  3. Python will read logs line by line, parse them, then using opencensus-ext-azure library, send them to Azure App Insights.

Solution 3:[3]

A way that worked:

Since OPA is a docker container, which runs in kubernetes in Azure AKS resource, this means, container logs are sent to ContainerLogs table, which could be accessed manually by going: Azure AKS resource -> Logs

How to get container logs with code? Please see explanation below:

  1. Create Log Analytics workspace resource, to accumulate container logs.
  2. Go to Azure kubernetes service, go to Diagnostic settings, configure sending logs to log analytics workspace you created in point 1.
  3. Use Azure Monitor Log Analytics API to get container logs.
  4. Publish logs to Azure App insights using your favorite programming language.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Devoops
Solution 2 Rostislav V
Solution 3 Rostislav V

Related Questions

How to configure log4j in a Spring Mvc application configured with Java Annotations and using a log4j.properties file

Android: How to open Call Log (missed-outgoing-incoming call view)?

log4j writing to console but not to file (Liferay + Tomcat)

Using python Logging with AWS Lambda

How to log a variable's name and value?

Force log rollover in tomcat log4j2 even if no traffic

Python Selenium - Disable Chromedriver log message in cmd

Gradle stack trace on terminal

Logging to Amazon S3

PyTorch Lightning training console output is weird

Disable signalr console logging

How to stop selenium from printing WebDriver manager startup logs?

In Gradle, how to print out a message in the console / Event Log?

.Net Core 3.1 - Set ForContext for Serilog with Microsoft Ilogger interface

Configure Node.js to log to a file instead of the console